Increasing the secret bit rate of a Quantum Key Distribution (QKD) system based on Bennett and Brassard's 1984 protocol (BB84) by dialing-up the clock rate of existing QKD approaches using a two-dimensional Hilbert space spanned by photon polarization (1 bit per photon (“bpp”)) is difficult because of restrictions imposed by detector timing jitter and deadtime. Higher secure rates could be achieved using other photon degrees of freedom, and transmitting multiple bits per photon. Higher-order alphabet quantum coding must be robust to decoherence from atmospheric turbulence and atmospheric or fiber-optic dispersion. Unfortunately, conventional higher order alphabet based approaches are unsuitable for practical applications.
Several photon degrees of freedom have been used in higher-order alphabet quantum communications across atmospheric paths. Spatial, temporal, and photon optical angular momentum (OAM) modes can provide a large number of Hilbert space dimensions but none of these approaches provides secure, robust systems that actually produce secret keys at rates that can approach 1 Gbs. Existing modulation methods for OAM modes use mechanical or liquid crystal devices that remain far from the GHz clock rates that are necessary to achieve the 1 Gbps goal. Such states are not robust to weak turbulence and require full adaptive optics for the limited weak turbulence periods when such communications are possible. This method of encoding is also not amenable to transmission through standard single-mode fiber.
Time-bin encoding of quantum information in a higher-order alphabet would be robust under atmospheric transmission, but the necessary serialization of quantum information over multiple time bins limits the secure rate. For example, if a 1000 state time bin alphabet were required and detector jitter was 20 ps, each individual pulse would need to be 20 ns apart, limiting overall transmission rate to 50 MHz. This reduced transmission rate negates the advantages of the high-order alphabet.
Entangled photon QKD is limited by the speed and performance of the source of entangled photons. It is also frequently suggested that the non-locality of quantum physics provides a higher level of security assurance than prepare and measure schemes. However, this assertion hinges critically on the “fair sampling” assumption, which cannot be assumed to hold in the adversarial cryptographic setting. This assumption can be exploited to produce a completely insecure system, in spite of nonlocality.
Continuous variable (CV) QKD is another approach that may be effective over atmospheric paths. However, the security analyses of these approaches have yet to reach the high assurances levels and sophisticated protocol techniques (decoy state and finite statistics) already developed and demonstrated for single-photon QKD.
Quantum noise encryption using the Y00 or alpha-eta protocol has some quantum optical similarities with CV QKD. This technique has been demonstrated at rates approaching 1 Gbps over hundreds of kilometers of optical fiber, and recently over an airplane to ground optical path. Nevertheless, this approach remains highly controversial. First, the transmitter and receiver require a shared long-term secret key: secure distribution of this key is not addressed. In contrast, QKD only requires a short, one-time short-term secret key for authentication of the first session. Once QKD commences, it is of no consequence if this initial key becomes compromised owing to the forward security of QKD. Second, this long-term secret key is used as the seed of a deterministic random number generator (DRNG) whose output feeds the Y00 encryptor. It has been shown that Y00 is therefore no more secure than the underlying DRNG, i.e., Y00 has algorithmic, not quantum physical security, at best. Third, Y00 quantum state outputs reveal information about the secret key, which is something that no encryptor should do: Y00 is less secure than an encryptor using the DRNGs directly as stream ciphers. Thus, the Y00 approach lacks strong security assurances.